Coming to a SOC Near You: New Browsers, ‘Posture’ Management, Virtual Assistants
Investors in tech startups like to maintain communities of independent CISOs that entrepreneurs use to explore threats and unsolved problems and to pitch solutions to. In this incubation space, several technologies have begun to stand out: enterprise Web browsers, data posture management, and new takes on automation.
And here’s what they have in common: They’re innovations that reduce complexity. Consider the impossibility of deploying agents or security controls across heterogeneous devices. To achieve full coverage, they must span employees, third parties, and post-M&A workforces — including personal devices that hit the cloud.
RSA’s 2022 Innovation Sandbox winner, Talon Cyber Security, and the startup Island, both believe the enterprise Web browser can solve this and become an external leg of the cloud security architecture.
User data travels in an encrypted connection between the cloud and the browser, the latter of which has been leaky. These new browsers are hardened to malware, contain data loss by blocking uploads, downloads, screen captures, or cut and paste. They also add a layer of privacy. As Ashland CISO Bob Schuetter notes, his secure browser masks Social Security numbers on the screen “so the service reps don’t have to look at the actual numbers all day.”
These browsers even allow recording sessions for visual playback during incident response. “In reality, what they are is a secure gateway for tracking who’s using what SaaS resources,” says Dr. Shane Shook, a cybercrime consultant and expert witness.
Compartmentalized away from the rest of the endpoint, a secure browser sandboxes Web client code, contains the accessed cloud data, and secures traffic between device and cloud. Proponents believe it could become the new cloud perimeter and deliver some of the failed promises of data loss prevention.
Automation Is Bigger Than SOAR
2022’s upstarts are pushing automation beyond the security orchestration and automated response (SOAR) category. Many of them note that SOAR speaks to a past when security was dominated by incident response.
Cybersecurity is now under the CIO as much as the CISO. All this creates a huge divide between the CISO’s organization that detect threats and the remediation plans which must span multiple departments, and often extend to partners.
There are a number of approaches here. SOAR startups Opus Security and Revelstoke push knowledge dissemination and best practices beyond the CISO. Torq, an Innovation Sandbox finalist, is being used to automate backlogs in IT account provisioning, a byproduct of identity attacks.
BrazenCloud envisions upgrading the plumbing beneath SOAR’s automation, which today mostly involves calling the APIs of other security applications. Yet scripting, open source, and one-off tools are popular in cybersecurity. This leads to the belief that cybersecurity’s automation providers should be the ones to move and execute these tool’s binaries and return their outputs — even for the notoriously ephemeral cloud workloads.
Making Data Security Cloud Native
On-premises data security was never that good at answering what data we have, where it’s located, and who’s accessing it. Now, this deficiency is getting addressed as data and metadata become increasingly distributed across multiple clouds.
Analysts are calling it data security posture management (DSPM), which unfortunately sounds like an older cloud security posture management (CSPM) category that Gartner split after ballooning out of control.
The more focused data posture management products integrate with cloud APIs, and map data and its usage. They aspire to relieve the ransomware threat with oversight into backups and to reduce the attack surface by sunsetting old data.
Despite the mind numbing acronyms, this new data-focused category is hot in 2022, with Concentric AI, Laminar, and Eureka Security receiving investments.
The sudden interest here is more than faddish copycatting. Cloud computing requires a higher bar for data security. Not being behind a well-defined perimeter, the cloud is public by default and thus hackers are one authentication hop from accessing the crown jewels.
Will AI Finally Deliver Cybersecurity Real Value?
Cybersecurity’s buzzword merchants have undermined artificial intelligence and machine learning, turning theminto gratuitous boxes to check. Yet a new generation of practitioners educated in AI and ML see routine success using facial and voice recognition. AI’s success outside cybersecurity, such as facial recognition, has come from tackling narrow problems where sophisticated examples exist to model or train against.
The startup community has begun wielding AI’s strengths to take the small stuff off the hands of practitioners. Some believe advanced virtual assistants (AVAs), similar to Siri or the writing-aide Grammarly, are an aspect of AI that can succeed in cybersecurity.
StrikeReady delivers the detection and response tools a practitioner would use, along with an AVA trained to handle certain security operations center (SOC) logistics. Another unnamed startup, still in stealth mode, is beta testing AVAs that curb the risky behaviors of end users.
Within startup incubation spaces, enterprise web browsers, virtual assistants, DSPM, and new automation may prove to be the new disruptors. Or they could just end up as a venture capitalist’s write-off. Either way, it’s the market — and security practitioners in the SOC — who will be the final arbiters of what’s useful and innovative.
Read More HERE